QUIC Design Overview
====================

The QUIC implementation in OpenSSL is roughly described by the following
picture.

![alt_text](images/quic-overview.svg "QUIC Implementation Building Blocks")

SSL API
-------

The application-facing public API of the OpenSSL library.

Stream Send and Read Buffers
----------------------------

Buffers for stream data to be sent or received from the peer over the
QUIC protocol. These are necessary to support existing semantics of the
SSL_read and SSL_write functions.

They will be bypassed with a single-copy API for read and write (_not
for MVP_).

Frame in Flight Manager
-----------------------

The frame in flight manager manages the queueing of frames which may need to be
retransmitted if the packets in which they were transmitted were lost. It is
[discussed in more detail here.](./quic-fifm.md)

Connection State Machine
------------------------

A state machine handling the state for a QUIC connection.

Connection ID Cache
-------------------

A table matching Connection IDs with Connection objects represented
via SSL objects.

_In MVP there is a many-to-1 matching of Connection IDs to Connection
objects. Refer to the third paragraph in [5.1]._

[5.1]: https://datatracker.ietf.org/doc/html/rfc9000#section-5.1

Timer And Event Queue
---------------------

Queue of events that need to be handled asynchronously or at a later
time.

TLS Handshake Record Layer
--------------------------

A module that uses the Record Layer API to implement the inner TLS-1.3
protocol handshake. It produces and parses the QUIC CRYPTO frames.

TX Packetizer
-------------

This module creates frames from the application data obtained from
the application. It also receives CRYPTO frames from the TLS Handshake
Record Layer and ACK frames from the ACK Handling And Loss Detector
subsystem.

RX Frame Handler
----------------

Decrypted packets are split into frames here and the frames are forwarded
either as data or as events to the subsequent modules based on the frame
type. The Flow Controller and Statistics Collector are consulted for decisions
and to record the statistics of the received stream data.

Flow Controller
---------------

This module is consulted by the TX Packetizer and RX Frame Handler for flow
control decisions at both the stream and connection levels.

Statistics Collector
--------------------

This module maintains statistics about a connection, most notably the estimated
round trip time to the remote peer.

QUIC Write Record Layer
-----------------------

Encryption of packets according to the given encryption level and with
the appropriate negotiated algorithm happens here.

Resulting packets are sent through the Datagram BIO interface to the
network.

QUIC Read Record Layer
----------------------

Decryption of packets according to the given encryption level and with
the appropriate negotiated algorithm happens here.

Packets are received from the network through the Datagram BIO interface.

Congestion Controller
---------------------

This is a pluggable API that provides calls to record data relevant
for congestion control decisions and to query for a decision on whether
more data is allowed to be sent or not.

The module is called by the TX Packetizer and the ACK Handling And
Loss Detector modules.

ACK Handling And Loss Detector
------------------------------

A module that tracks packets sent to the peer and received ACK frames.
It detects lost packets (when an ACK is not received in time). It informs
the TX Packetizer that it can drop frames waiting to be ACKed when an ACK is
received. It also schedules retransmits of frames from packets that are
considered to be lost.

The module also handles the receiving side - it schedules when ACK frames should
be sent for the received packets.

Path And Conn Demultiplexer
---------------------------

On the server side this module is shared between multiple SSL connection objects
which makes it a special kind of module. It dispatches the received packets
to the appropriate SSL Connection by consulting the Connection ID Cache.

_For the client side and MVP this module just checks that the received packet has
the appropriate Connection ID and optionally schedules sending a stateless
reset for packets with other Connection IDs._

Datagram BIO
------------

An implementation of the BIO layer that supports `BIO_sendmmsg` and `BIO_recvmmsg`
calls.

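As an added illustration of the Connection ID Cache and Path And Conn Demultiplexer sections above (not OpenSSL code; every type and function name is hypothetical), this C sketch keeps a many-to-1 table of Connection IDs and applies the client-side check: deliver a packet whose Destination Connection ID is known, flag a short-header packet with an unknown one as a stateless reset candidate, and drop malformed input. It assumes the QUIC version 1 header layout from RFC 9000; dropping unknown long-header packets is an assumption of the sketch.

```c
/* Added illustration, not OpenSSL code; every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CID_LEN 20              /* QUIC v1 connection ID limit (RFC 9000) */
#define CACHE_SLOTS 8

typedef struct { int id; } demo_conn;          /* stands in for an SSL object */
typedef struct { uint8_t cid[MAX_CID_LEN]; size_t len; demo_conn *conn; } cid_entry;
typedef struct { cid_entry e[CACHE_SLOTS]; size_t n; } cid_cache;
typedef enum { DEMUX_DELIVER, DEMUX_STATELESS_RESET, DEMUX_DROP } demux_action;

/* Many-to-1: several CIDs may be registered for the same connection. */
int cid_cache_add(cid_cache *c, const uint8_t *cid, size_t len, demo_conn *conn)
{
    if (len == 0 || len > MAX_CID_LEN || c->n == CACHE_SLOTS)
        return 0;
    memcpy(c->e[c->n].cid, cid, len);
    c->e[c->n].len = len;
    c->e[c->n].conn = conn;
    c->n++;
    return 1;
}

/* Short headers carry no CID length, so the receiver supplies the length of
 * the CIDs it issued (local_cid_len). Every read is bounds-checked first. */
demux_action demux(const cid_cache *c, const uint8_t *pkt, size_t pkt_len,
                   size_t local_cid_len, demo_conn **out)
{
    const uint8_t *dcid;
    size_t dcid_len, i;
    int is_long = pkt_len > 0 && (pkt[0] & 0x80) != 0;

    *out = NULL;
    if (is_long) {               /* flags(1) version(4) dcid_len(1) dcid(..) */
        if (pkt_len < 6 || pkt[5] > MAX_CID_LEN || pkt_len < 6u + pkt[5])
            return DEMUX_DROP;
        dcid = pkt + 6; dcid_len = pkt[5];
    } else {                     /* flags(1) dcid(local_cid_len) */
        if (pkt_len < 1 + local_cid_len)
            return DEMUX_DROP;
        dcid = pkt + 1; dcid_len = local_cid_len;
    }
    for (i = 0; i < c->n; i++)
        if (c->e[i].len == dcid_len && memcmp(c->e[i].cid, dcid, dcid_len) == 0) {
            *out = c->e[i].conn;
            return DEMUX_DELIVER;
        }
    /* Unknown CID: assumption of this sketch is that only short-header
     * packets are offered to the (optional) stateless reset path. */
    return is_long ? DEMUX_DROP : DEMUX_STATELESS_RESET;
}
```

The linear scan keeps the sketch short; a table serving many connections would use a hash keyed on the Connection ID bytes.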